I guess that checking up on current exploits and installing security
patches will need to become a regular maintenance item, just like
re-filling cryogens. Miss one -- not good...
Today's CERT Advisory: http://www.cert.org/advisories/CA-2001-34.html
"Buffer Overflow in System V Derived Login", states:
Systems Affected:
IBM AIX versions 4.3 and 5.1, Hewlett-Packard's HP-UX,
SCO OpenServer 5.0.6 and earlier, SGI IRIX 3.x, Sun Solaris 8 and earlier
Overview:
Several applications use login for authentication to
the system. A remotely exploitable buffer overflow exists in login
derived from System V. Attackers can exploit this vulnerability to gain
root access to the server.
Specifically, if you still allow Telnet and/or rlogin, a remote attacker
could gain root access. Actually, any program which uses "login" presents
the same problem. As CERT points out, this includes ssh if configured with
"UseLogin yes".
Look for this (in /etc/sshd_config or /etc/ssh/sshd_config), make sure it
is "UseLogin no".
As always, use the /etc/hosts.allow file to really only grant access to remotes
that you actually want to be able to connect.
Regards,
Rudi Nunlist
At 02:08 PM 12/12/01 -0400, Guillermo Moyna wrote:
>Hi gang,
>
>This one is unrelated to NMR, but important if you have a linux box (i.e., new brukers will) with all your data on it.
>
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rudi Nunlist
University of California rnunlist_at_purcell.cchem.berkeley.edu
College of Chemistry
NMR Facility
Berkeley, CA 94720-1460
www.cchem.berkeley.edu/College/Facilities/nmr
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Received on Thu Dec 13 2001 - 14:51:08 MST